If you're looking for a VPN server to host in-house, look no further than the AlmaLinux/Pritunl combination. See how easy it is to get this service up and running.
Pritunl is an open source VPN server you can easily install on your Linux servers to virtualize your private networks. This particular VPN solution offers a well-designed web UI for easy administration and management. All traffic between clients and server is encrypted and the service uses MongoDB, which means it includes support for replication.
I've walked you through the process of installing Pritunl on Ubuntu Server 20.04 and now I want to do the same with AlmaLinux 8.5. You should be able to get this VPN solution up and running in minutes.
What you'll need
To successfully install Pritunl on AlmaLinux, you'll need a running/updated instance of the OS and a user with sudo privileges. You'll also need a domain name that points to the hosting server (so users can access the VPN from outside your network).
How to configure the firewall
The first thing we'll do is configure the AlmaLinux firewall. Let's start by allowing both HTTP and HTTPS traffic in with the commands:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
Then, we'll reload the firewall with:
sudo firewall-cmd --reload
How to install MongoDB
Next, we'll install the MongoDB database. Create a new repo file with:
sudo nano /etc/yum.repos.d/mongodb-org-4.4.repo
Paste the following into the new file:
[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
Note: There's a newer version of MongoDB (version 5), but I have yet to successfully get it to install on AlmaLinux. Because of that, I'm going with version 4.4.
Save and close the file.
Install MongoDB with:
sudo dnf install mongodb-org -y
Start and enable MongoDB with:
sudo systemctl enable --now mongod
How to install Pritunl Server
Next, we'll install Pritunl. Create the repo file with:
sudo nano /etc/yum.repos.d/pritunl.repo
In that file, paste the following:
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1
Save and close the file.
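The Pritunl stanza above sets gpgcheck=1 but has no gpgkey= line, so package verification depends entirely on the key import step later in this procedure. The following audit is an added example, not part of the original article or of either project; the function name audit_repo is hypothetical and the sample input is the two stanzas shown in this article.

```sh
# Added example: audit dnf/yum .repo text read from stdin.
# Prints one "section: problem" line per finding; no output means no findings.
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return      # nothing parsed, or repo disabled
            if (gpgcheck != "1") print sec ": gpgcheck is not set to 1 in this stanza"
            if (gpgkey == "") print sec ": no gpgkey= (signing key must already be in the rpm keyring)"
            if (baseurl != "" && baseurl !~ /^https:\/\//) print sec ": baseurl is not https"
        }
        /^[ \t]*(#|;|$)/ { next }                          # comments and blank lines
        /^[ \t]*\[/ {                                      # start of a new [section]
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gpgcheck = gpgkey = baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey") gpgkey = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    '
}

# The two stanzas from this article, used as sample input.
MONGODB_REPO='[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc'

PRITUNL_REPO='[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1'

# On a real host: for f in /etc/yum.repos.d/*.repo; do audit_repo < "$f"; done
```

A stanza without gpgcheck= inherits the value from the [main] section of /etc/dnf/dnf.conf, which this check does not read.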
Install the EPEL repository with:
sudo dnf install epel-release -y
Import the Pritunl GPG keys with:
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
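The import above trusts whatever ends up in key.tmp. As an added example (not from the original article or from Pritunl), the functions below check that the exported file contains exactly one primary key with the fingerprint given in this article before handing it to rpm; the function names and the sample record are constructed for illustration.

```sh
# Added example: verify a key file's primary fingerprint before rpm --import.
EXPECTED_FPR="7568D9BB55FF9E5287D586017AE645C0CF8E292A"   # fingerprint from this article

# Read gpg --with-colons output on stdin and print each primary-key fingerprint.
# A "pub" record is followed by its "fpr" record; "sub" records carry their own
# "fpr" lines, which must not be accepted in place of the primary key.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin describes exactly one primary key and it equals $1.
colons_match_fpr() {
    found="$(primary_fprs)"
    [ -n "$found" ] && [ "$found" = "$1" ]
}

# Verify the exported key file ($1), then import it into the rpm keyring.
verify_and_import() {
    if gpg --show-keys --with-colons --with-fingerprint "$1" | colons_match_fpr "$EXPECTED_FPR"; then
        sudo rpm --import "$1"
    else
        echo "fingerprint mismatch in $1; not importing" >&2
        return 1
    fi
}

# Constructed sample of colon-format output (not a real key listing).
SAMPLE_COLONS='pub:-:4096:1:7AE645C0CF8E292A:1500000000:::-:::scSC:
fpr:::::::::7568D9BB55FF9E5287D586017AE645C0CF8E292A:
uid:-::::1500000000::0000::Constructed Sample <sample@example.invalid>:
sub:-:4096:1:0123456789ABCDEF:1500000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'
```

In the article's one-liner, `verify_and_import key.tmp` would replace `sudo rpm --import key.tmp`.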
Install Pritunl with the command:
sudo dnf install pritunl -y
When the installation completes, start and enable the service with:
sudo systemctl enable pritunl --now
How to increase the Open File Limit
To prevent connection issues to the Pritunl server when it's under a higher load, we need to increase the open file limit. To do this, issue the following commands:
sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'
How to access the Pritunl web UI
Give the service a moment to start and then point a web browser to https://SERVER (where SERVER is either the IP address or domain of the hosting server). You should be greeted by the Pritunl database setup window (Figure A).
To continue, you must generate a setup key with the command (run on the hosting server):
sudo pritunl setup-key
This will generate a random string of characters that you copy and paste into the Setup Key text area of the Pritunl database setup window. After pasting the key, click Save and wait for the database to be upgraded. You will then be presented with the Pritunl login window. Before you log in, you must retrieve the default login credentials with the command:
sudo pritunl default-password
The above command will print out both the username and password for you to use to log into the Pritunl web UI. Make sure to save those credentials. Once you've successfully logged in, you'll be prompted to change the admin user's password and complete the initial setup (Figure B).
And there you go. You now have the Pritunl VPN server up and running on AlmaLinux 8.5. At this point, you can configure the server to meet the needs of your business and users.
Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.